Revision 32884e54
Added by Oleh Fedorenko over 1 year ago
| app/controllers/api/v2/users_controller.rb | ||
|---|---|---|
|
['compute_attributes']
|
||
|
|
||
|
before_action :find_optional_nested_object
|
||
|
skip_before_action :authorize, :only => [:extlogin]
|
||
|
before_action :authenticate, :only => [:extlogin]
|
||
|
|
||
|
api :GET, "/users/", N_("List all users")
|
||
|
api :GET, "/auth_source_ldaps/:auth_source_ldap_id/users", N_("List all users for LDAP authentication source")
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
api :GET, "/users/extlogin", N_("Use to authenticate against external authentication source")
|
||
|
def extlogin
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def find_resource
|
||
| config/routes/api/v2.rb | ||
|---|---|---|
|
resources :table_preferences, :only => [:index, :create, :destroy, :show, :update]
|
||
|
resources :mail_notifications, :only => [:create, :destroy, :update]
|
||
|
get 'mail_notifications', :to => 'mail_notifications#user_mail_notifications', :on => :member
|
||
|
get 'extlogin', :to => 'users#extlogin', :on => :collection
|
||
|
end
|
||
|
end
|
||
|
|
||
| test/unit/foreman/access_permissions_test.rb | ||
|---|---|---|
|
"api/graphql/execute",
|
||
|
|
||
|
# ping
|
||
|
"api/v2/ping/ping"
|
||
|
"api/v2/ping/ping",
|
||
|
|
||
|
"api/v2/users/extlogin"
|
||
|
]
|
||
|
|
||
|
MAY_SKIP_AUTHORIZED = ["about/index", "react/index", "api/v2/ping/ping"]
|
||
Also available in: Unified diff
Fixes #35473 - Add extlogin API endpoint
/users/extlogin endpoint is designed for UI interaction, thus
using this endpoint to create a session to be used via API will
fail with "Can't verify CSRF token authenticity" for any method
except GET. We need to have a separate endpoint to create a proper
session to be used via API.